Group: Gamaredon Group

From ATT&CK
Gamaredon Group (Group)
ID: G0047
Aliases: Gamaredon Group

Gamaredon Group is a threat group that has been active since at least 2013 and has targeted individuals likely involved in the Ukrainian government.[1]

Techniques Used

  • Remote File Copy - Tools used by Gamaredon Group are capable of downloading and executing additional payloads.[1]
  • Scripting - Gamaredon Group has used various batch scripts to establish C2, download additional files, and conduct other functions.[1]
  • Data from Removable Media - A Gamaredon Group file stealer has the capability to steal data from newly connected logical volumes on a system, including USB drives.[1]
  • System Information Discovery - A Gamaredon Group file stealer can gather the victim's computer name and drive serial numbers to send to a C2 server.[1]

Software